HIPAA and the Privacy Regulations

In 1996, Congress enacted the Health Insurance Portability and Accountability Act, or "HIPAA," a broad-ranging law that created new federal requirements in many areas of health care. These materials deal with only one aspect of HIPAA - its requirements regarding the privacy of personal health information. Before HIPAA, privacy of medical records and other health-related information was mostly regulated by state law. There were a few federal requirements regarding health information, such as rules about disclosure of alcohol and drug abuse treatment record, but until HIPAA there was no comprehensive scheme of federal regulations in this area.

HIPAA instructed the Secretary of the Department of Health and Human Services to issue regulations regarding privacy of health-related information. Development of those regulations took several years, but they have at last been issued in final form. Entities covered by the regulations are required to be in compliance no later than April 14, 2003.

These materials will familiarize you with the principal requirements of the HIPAA privacy regulations as they affect Maxor and you. This first section will introduce several key concepts that help to define the scope of the requirements imposed by the privacy regulations. Later sections of the materials will cover the circumstances in which an entity may use or disclose health information without the patient's permission, and when the patient's permission is required; the rights of patients under the privacy regulations; and the administrative requirements imposed on entities by the regulations.